Proot, defeating security by ignoring it in user-space

From the proot project site :

PRoot is a user-space implementation of chroot, mount –bind, and binfmt_misc.

Android among other Linux systems creates a very restricted user mode where the end user is denied the root user privileges. This is annoying as to ‘root’ a phone can be incredibly complicated l, and beyond a normal user that wants to use their phone for more than some kind of cat video social machine (don’t tell me the incredible popularity of cat videos isn’t toxoplasmosis!).

Many new phone SOC’s are supporting external HDMI, and USB host capabilities allowing you to dock your phone and use it with a keyboard and mouse.

Well thanks to the app, aptly named UserLand, running a light weight Linux distro is just a few screen presses away!

What is cool is that by emulating a scant few system calls it makes the deployment quick and seemingly trivial. And a lot more lightweight compared to docker, User Mode Linux, or Qemu (in full system emulation). But it can invoke qemu to run foreign architecture binaries to give Intel users an Arm UserLand.

Yes, via VNC you can run X11! And yes on my phone it shows all 8 Cores.

Although I’ve been using qemu, UML and other strategies to sidestep restrictive environments, proot proves itself as an exciting new tool!

So I was building a Windows 2019 server

As I got a ‘totally legit’ serial code in my box of cereal.

After the install I thought it’d be fun to install the Linux Subsystem.

While following the powershell instructions here, I thought the list of quick links of distros to download was interesting:

That’s right ARM Linux userland! I still have high hopes for Windows on ARM (I have 2 Windows RT devices now!!) although I’m not holding my breath.

Maybe there will be some ARM boards that are suitable for the desktop that aren’t over 1k USD.. That’d be nice.

Interesting trivia is that the Linux Subsystem started it’s life on ARM as a way to run Android binaries on Windows Phone. And true to everything Microsoft does, it got to the point where it could start to run things (albeit poorly) and was summarily killed. Although it’s found life despite the original false start as a general ‘text mode’ subsystem for Windows.

However running Linux binaries on Windows currently just shows that NTOS isn’t as efficient as the Linux kernel when it comes to emulating the Linux ABI. Although this was the original ‘dream’ of the microkernel, and a POSIX subsystem for NT was always part of the original design, although it really was more of a checkbox for GSA contracts, and outside of being able to use pax & vi it really was handicapped by not having BSD extensions, and especially by not having any access to the TCP/IP stack.

win86emu: the greatest thing for Windows RT that Microsoft should have made.

While I’m writing this, I’m listening to Neuromancer via WinAmp & the ancient Speex plugin I had updated about 8 years ago.

x86 node running on Windows RT

I took my Surface, and downgraded it to the North American 8.0 version without updates, added my MS ID, and from there ran the jailbreak and win86emu (sometimes called x86node) and from there I was able to run some simple Win32 exe’s.

Even though I had done a simple cut down QuakeWorld port with the GDI only display, using win86emu it’ll run the 80386 build as well.  while I haven’t thrown much at it, I’m just amazed that so far things are working.

When you think that between the jail-break to unlock the ability to run programs combined with a CPU translator, and Win32 to Win32 thunk / translation program, why on earth did this thing ship without it?  It’s amazing that between trying to launch a platform with no inertial for applications after Android &  Apple were selling millions of hardware units, and billions of software units, and cutting the past applications.  It’s just crazy.

And then Microsoft did their normal thing when something goes wrong, which is basically end it, and destroy all evidence it existed.  There is no Windows 10 upgrade for the Surface, even though Windows 10 IOT has been hacked to run from a USB stick on the Surface, but it’s insanely slow.

I figured since this is kind of hard to find I’ll just mirror it on Source Forge… along with the source.

So while out today I found a Windows RT Surface for $25

I had to pay another $15 for the charger.  I should have run away, but I’m a sucker.

Yes, there are basically NO apps, but thanks to this little guide

QuakeWorld on Windows RT

I was able to port over some trivial stuff, the usual things like hello world, Infocom Interpreter, a f2c build of Dungeon, then I went with something I’d been messing around an old GDI driver for WinQuake that builds with the NT 3.5 SDK (finally got it!).  So with a few minor tweeks here it is cross compiled from my x86_64 to the surface.

Last time I talked about the Surface was nearly 6 years ago…  The platform’s fate was pretty much sealed on day one.  With no open Win32 API it shunned traditional devs, and with some completely new and insane model it was such a hurdle for new devs, why put so much effort into such an old tired company like Microsoft?

I figured for the price of a good lunch it’d be a fun toy.

Too bad the speakers don’t work though.

I know the window on Windows 8.1 apps is closing soon.  I should put something together for the dead platform.  Maybe for phone too.  But for tonight, it was kinda fun doing a copy/paste attack to then run unsigned EXE’s on the device.

I might upload the tool chain later, but at the moment getting Visual Studio 2012 Ultimate is a breeze.

Virtualization Challenge III – Acorn ARM Minix

(This is a guest post from Antoni Sawicki aka Tenox)

Recently came across this unfinished port of Minix 1.5 to Acorn Archimedes A310. According to the readme file this is a set of patches that needs to be applied on a standard Minix 1.5.10 code base on a Unix machine. The code then needs to be to transferred to Risc OS machine for compilation. Once complete then you need to manually create boot records and a file system. Sounds like a fun little project.

What I want is pretty standard:

  • A ready to use working disk image that anyone can unpack and run on a modern machine under an emulator of your choice (commercial OK).
  • Aclock binary and screenshot.

First person to deliver these gets a prize of £100 (that is 100 GBP / Pound Sterling). I strongly encourage to coordinate your efforts via comments.

If needed I can supply licenses for commercial Acorn emulators and C compiler for Risc OS, albeit I only have license for a modern ROOL DDE. I hope ancient version is not needed, but this part of the challenge. Note that I can’t just give away the licenses to anyone, I will only share or purchase new licenses for serious contenders on one to one basis.

Let the challenge begin!

Windows 10 ARM64 on QEMU

(This is a guest post by Antoni Sawicki aka Tenox)

Microsoft is releasing Windows 10 for ARM64 CPUs and this time, unlike Windows RT fiasco, there will be a full desktop app support including a dynamic binary translator to allow running existing x86 apps on ARM CPU, much like FX!32 on Alpha NT or Rosetta on Mac OS X.

Latest Visual Studio updates now bring official ARM/ARM64 support for Desktop Apps, little hidden, but here is how to enable it.

Being able to compile Windows ARM apps, I wanted to try to actually run them, but … on what exactly? There are some developer evaluation boards. Apparently someone managed to run it on Raspberry PI. Most importantly however you can run Windows 10 ARM64 on QEMU. This is some serious Fun With Virtualization!

Windows 10 ARM64 running on QEMU

I’m not claiming to be the first. Clever people have already done it. I just wanted to make it little easier for the lazier of us. Here is how.

Follow the link above but skip the shady UUP business in step #3 and download ready made iso instead. You can google the iso image from windows.cmd and it will take you to this link. You need the rest of the files like UEFI firmware and virtio drivers.

For the even more impatient here is a ready to run image with Windows pre-installed. Because QEMU now comes with DLL HELL I’m not including it in the archive. You will have to install it separately.

Go have fun and port some apps to ARM64 with free community edition of Visual Studio. I’m going to start with Aclock 🙂

Torbjörn Granlund’s Excellent resource on running free OS’s on Qemu

Ever get tired of x86 on x86?  yeah me too.

How to solve that problem?

Simple, grab QEMU, and jump off into all those cool RISC processors of the 1990’s that were going to save us all from the WINTEL hegemony!

Lots of instructions, samples, images, and hints here:

https://gmplib.org/~tege/qemu.html

It’s really more comprehensive than I’ve sat down to do, so yeah it’s awesome!

Supported platforms include:

mips32,mips64,sparc32,sparc64,ppc32,ppc64,arm32,arm64,s390x,alpha

Virtual Acorn – Fun with Virtualized RISC OS

(this is a guest post from Tenox)

Virtual Acorn let’s you run RISC OS on a Windows or Mac OS X host like VMware, VirtualBox or Qemu. The company page has this picture:

acorn1

…you probably don’t want to do this for real!

Currently there is a sale going on and you can buy VirtualRPC-SA for about $100. My primary reason for getting it was of course porting aclock to RISC OS. I have also decided to purchase the original compiler because it allows to target the funky 26 bit CPU. Alternatively GCC is available.

acorn-c

VirtualRPC comes “pre-installed” with the OS on a ROM image. The operating system at first glance is nice looking and for a while it’s good fun in to explore and play. You can even browse the web and use weird applications like you never seen. You can find a lot of software apps here and here and here. However for any more than that it’s not very unusable.

riscos-web

Porting of aclock was was by far a most difficult one ever, maybe except Plan 9. To display text on the screen you need to use system calls directly, for which you use a special function called _swi() or _swix(). There is no concept of sleep() so I had to improvise with an empty loop. Fortunately there are screen codes that allow to position the cursor, clear screen etc.

void cls(void) {
     (void) _swix(OS_WriteI + 12, 0);
}

The result is far from pretty but it will do for version 1:

aclock-riscos

Some funnies, which actually weren’t that funny at the time:

A directory separator in RISC OS is “.” (yes a dot) for example: root.folder.subfolder.file. The C compiler expects .c as a file extension as it would on Unix or Windows. Except naming file “aclock.c” would make a directory aclock with c file in it. Fortunately, or maybe not, extensions in RISC OS are actually prefixing, not postfixing a file. So you have c.aclock or o.aclock. Except c and o are directories. You can see c and o folders in the screenshot above. Are you confused yet?

The operating system does actually have concept of a command line interface. Try to figure out the commands!

  • dir – change directory aka “cd” on the planet Earth
  • cat – list directory aka “ls” or “dir” in your normal OS

riscos-cmd

There is more, so I encourage you to try yourself just for the fun!

 

Microsoft Giano

I stumbled across this the other day, Giano, a simulation framework.

Included is a bunch of stuff, like a basic x86 / cepc (with Windows CE 6.0 image), an Xbox 360 emulator, a SPOT emulator, some eval boards (AT91EB63?) with both MIPS and ARM cpus that even include a doom kernel like experience! A Macintosh G5 (I wonder if it’d boot with Apple ROMS..?) Oh and..

A VAX.

The VAX code is taken from SIMH but I guess to show how extensible the framework is, they mashed in enough microvax to get it going.

SIMH in a way you’ve never seen it…

At any rate, here is some other screen shots of Giano in action….

CEPC

xbox 360 alpha test

xbox360 console

And of course….

Giano MIPS doom

DOOM

Also buried in there is a new MIPS variant, the emips along with a donated NetBSD port!

Sadly I had no luck running NetBSD….

Default: 0/ace(0,0)/netbsd
boot: 0/ace(1,0)/netbsd
Loading: 0/ace(1,0)/netbsd
5085072+70448=0x4eae14
Starting at 0x80020000

memory segment 0 start 00000000 size 10000000
memory segment 1 start 10000000 size 00100000
Too much memory in cluster 0, trimming memory to range 00000000..08000000
Too much memory, ignoring memory range 10000000..10100000
pmap_steal_memory: seg 0: 0x50b 0x50b 0x7fff 0x7fff
pmap_steal_memory: seg 0: 0x54b 0x54b 0x7fff 0x7fff
pmap_steal_memory: seg 0: 0x54d 0x54d 0x7fff 0x7fff
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.

NetBSD 5.99.48 (RAMDISK) #0: Tue Mar 15 01:01:14 UTC 2011
[email protected]:/home/builds/ab/HEAD/emips/201103142200Z-obj/home/builds/ab/HEAD/src/sys/arch/emips/compile/RAMDISK
Xilinx ML50x (eMIPS)
total memory = 128 MB
avail memory = 120 MB
sysctl_createv: sysctl_create(no_sa_support) returned 22
mainbus0 (root)
cpu0 at mainbus0: Toshiba or Microsoft eMIPS CPU (0x70401) Rev. 1 with software emulated floating point
cpu0: 64 TLB entries
ebus0 at mainbus0
pid 0(system): trap: cpu0, TLB miss (load or instr. fetch) in kernel mode
status=0x2000000, cause=0x8, epc=0x8002d5c8, vaddr=0xd0000000
tf=0x8054cc78 ksp=0x8054cd18 ra=0x8002d5b8 ppl=0xd0000000
kernel: TLB miss (load or instr. fetch) trap
Stopped in pid 0.1 (system) at 0x8002d5c8: lw v0,0(s0)
db>

Maybe someone else will have better luck.

— edit, it seems Microsoft has a NetBSD 4.01 download, here. And it boots!